I recently discovered why I hadn't been receiving many KLEZ messages.
My server has been bouncing them as "User unknown". Why? because the
addresses I use the most (at least on forums where the average member it
more likely to be a clueless user who'd get infected in the first place)
are plussed.
Seems that KLEZ is parsing the address after the plus (or parsing
"outwards" from the @). So, where an address might be
"username+plusportion(_at_)domain(_dot_)tld", KLEZ it snapping it up as
"plusportion(_at_)domain(_dot_)tld", which in my case, doesn't resolve to valid
usernames on my systems.
I went back and checked, and sure enough, there were a buttload of "unknown
user" errors in archives maillogs. Besides not having to filter them out
in the first place, I'm also not taking the delivery hit for the circa
120KB attachment...
I figure this insight might be of interest to someone. Let's see everyone
switching to plussed aliases... <g>
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail